Solved

Preventing user from connecting other than through VPN

Posted on 2006-11-21
Last Modified: 2008-02-01
I have a Virtual Machine (VM) with a VPN connection. I double click the icon on the desktop to connect. After that I go out under the VPN's IP. When I am not connected I go out under my IP (Verizon DSL).

What I want is to prevent the ability to go out to the internet from this VM except under VPN. That is, if someone forgets to "dial in" and tries to open IE or another application, he gets an error.

"other application" = "any program accessing the Internet". ICQ, FTP client, whatever.
Question by:SergiyK
LVL 77

Expert Comment

by:Rob Williams
ID: 17990811
One option:  Statically assigning the remote VPN site's local DNS server as the only DNS server, in the TCP/IP DNS properties of the connecting VM, will restrict access, unless they try to do so by IP. If you do so, your VPN will have to connect by IP or have a manual entry in the Hosts file for the domain name to which it is connecting, since it will not be able to resolve DNS names until the VPN is connected.
0
 

Author Comment

by:SergiyK
ID: 17995424
I do not know what the remote site's DNS server is. How do I find out?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17995498
That is a good question :-)  Usually you would have some involvement in the management of the remote site and know that. Can you contact someone at that site and ask them at a command line to run   ipconfig  /all    this will return its DNS configuration. If not, let us know what type of VPN connection you have or client you are using and you may be able to retrieve it. You may already have it on the local machine. You could run ipconfig  /all on the local machine while the VPN is connected, and check next to DNS for an IP starting with 192.168.x.x, 10.x.x.x or 172.16-31.x.x  Then make sure it is not part of your local network.
You could also try, while connected to the VPN, using    nslookup  RemoteDomainName.abc  if you know the domain name.
0

Author Comment

by:SergiyK
ID: 17995645
I am using a regular VPN :) I set it up like this:


New Connection ->
Connect ... at workplace -->
V.P.N. ->
Company name = *** -->
Do not dial initial connection -->
IP = **.**.***.***

Then I hit connect, enter user name and password and I am there.

Ipconfig did not really work...

C:\Documents and Settings>ipconfig
Windows IP Configuration
An internal error occurred: Incorrect function.
Please contact Microsoft Product Support Services for further help.
Additional information: Unknown media status code.
0
 

Author Comment

by:SergiyK
ID: 17996066
Ok, Ipconfig worked now:


Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : *****.******.com
        IP Address. . . . . . . . . . . . : 192.168.*.**
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.*.*

PPP adapter Bagalya:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.*.***
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . : 192.168.*.***
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17999352
You need to use:   ipconfig /all    to get the DNS servers. But it may not help. The one you want should be displayed under the PPP adapter's configuration.

Do you have a domain at your end, or might *****.******.com be the domain name at the remote end? If so, try entering, when the VPN is connected:
nslookup   *****.******.com
and it should return the IP of the remote DNS server.
0
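The check described in the expert comments above (run ipconfig /all while the VPN is connected, look under the PPP adapter for a DNS server in 192.168.x.x, 10.x.x.x or 172.16-31.x.x, then make sure it is not part of the local network), as an added Python example that is not part of the original thread. The sample output, the adapter name CorpVPN and every address in it are constructed.

```python
import ipaddress
import re

# Constructed sample in the style of XP-era `ipconfig /all`; all values made up.
SAMPLE = """\
Windows IP Configuration
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.44
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        DNS Servers . . . . . . . . . . . : 192.168.1.1

PPP adapter CorpVPN:

        IP Address. . . . . . . . . . . . : 10.20.30.115
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        DNS Servers . . . . . . . . . . . : 10.20.30.5
                                            192.168.1.1
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HEADER = re.compile(r"^(\S+) adapter (.+):\s*$")
FIELD = re.compile(r"^\s+([^.:]+?)[ .]*:\s*(.*)$")

def parse_ipconfig(text):
    """Return {adapter name: {"kind": "PPP"|..., field name: [values]}}."""
    adapters, cur, last = {}, None, None
    for line in text.splitlines():
        if h := HEADER.match(line):
            cur, last = adapters.setdefault(h.group(2), {"kind": h.group(1)}), None
        elif cur is not None and line.strip():
            if f := FIELD.match(line):
                last = f.group(1)
                cur.setdefault(last, []).extend(filter(None, [f.group(2).strip()]))
            elif last:  # continuation line, e.g. a second DNS server
                cur[last].append(line.strip())
    return adapters

def vpn_dns_candidates(text):
    """Private DNS servers on PPP adapters that are not on the local LAN."""
    adapters = parse_ipconfig(text).values()
    lans = [ipaddress.ip_network(f'{a["IP Address"][0]}/{a["Subnet Mask"][0]}',
                                 strict=False) for a in adapters
            if a["kind"] != "PPP" and a.get("IP Address") and a.get("Subnet Mask")]
    return [s for a in adapters if a["kind"] == "PPP"
            for s in a.get("DNS Servers", [])
            if any(ipaddress.ip_address(s) in n for n in RFC1918)
            and not any(ipaddress.ip_address(s) in n for n in lans)]
```

In the constructed sample the second PPP DNS entry is the local router's address, so only 10.20.30.5 is reported as a candidate for the remote site's DNS server.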
 

Author Comment

by:SergiyK
ID: 18015802
C:\Documents and Settings>nslookup myhome.westell.com
Server:  dslrouter
Address:  192.168.1.1

Name:    myhome.westell.com
---

This is my router's IP address...

By the way, can I set up the router for this VM so that traffic of this particular VM can go only from one IP (VPN)?

0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 1000 total points
ID: 18019348
>>"can I set up the router for this VM so that traffic of this particular VM can go only from one IP (VPN)?"
Not familiar with your modem/router, but as a rule on simple units like the Westells, you can control what IPs are allowed outgoing connections, but not where they go. Where the VPN is a virtual connection I doubt you can block it in that way.

>>"Server:  dslrouter"
As mentioned, that is the router. You need the corporate DNS server's IP.
Do you know the name of any computers or servers at the corporate site, even if by checking drive mappings? If so, using nslookup as suggested earlier should return the computer's IP but also the IP of the DNS server that resolved the name. This of course has to be done while the VPN is connected.
nslookup  RemoteDomainName.abc  
0
